Interview: Zbyněk Sopuch, Chief Technology Officer, Safetica

The HIPAA Journal has spoken with Zbyněk Sopuch, Chief Technology Officer at Safetica Inc., a global software company that provides business data protection and insider threat prevention solutions, including to HIPAA-regulated entities.

What is your current position?

My current role is Chief Technology Officer (CTO), where I strike a balance between the world of technology and our customers’ needs, including healthcare customers.

What was your first position?

I started as an OS security developer, understanding the details of protection and weak points of different operating systems. Then I started to grow through various organizations, including Safetica, through different leadership roles in product development, allowing me to get a strategic understanding to balance cost, value, and engineering. For me, connecting technology with real-world scenarios and organizational demands has become very fulfilling.

Tell our readers about your career in the healthcare industry

My first professional contact with the healthcare industry was 11 years ago as head of software development for a Data Leak Protection solution. Besides the protection of intellectual property, having hospitals and private clinics as clients brought us into data regulation even before the personal data regulation era. One of the key parts of the healthcare industry is the protection of patient data, established in the US through HIPAA, and here in Europe with parallel HHS safeguards, which are quite similar. A key role of these early data leak solutions was aligning organizations in compliance with these healthcare regulations. On a particular level, some of my first tangible experiences in healthcare have been around data protection in a chain of private reproduction clinics. Data there felt personally very sensitive, and I began to understand data protection in healthcare as the extension of the trust between a doctor and a patient.

What are the main challenges in your current position?

At Safetica, we saw global demand for data security grow over the last ten years, and we see the medical sector as a key driver of that growth, due to rising data regulations, the emergence of digital transformation in the sector, and increasing data mobility across private and public networks. The mission of Safetica is to bring this enterprise-level data security to small and medium businesses, with limited IT resources and capacities.

Are you working on any interesting projects?

At the moment, I’m deeply involved in an exciting project centered around our Safetica DLP Cloud Security solution, specifically tailored for the healthcare sector in the USA. Recognizing the unique challenges faced by small medical practices and health tech companies, especially concerning patient data security and regulatory compliance like HIPAA, we’re refining and enhancing Safetica DLP to ensure it is intuitive, scalable, and effective. Our goal is to provide these practices with a robust data loss prevention tool that not only safeguards sensitive patient information but also seamlessly integrates with their workflows, ensuring that they can maintain the highest standards of data protection without any added complexities.

What products/services do you provide for the healthcare industry and what is unique about them?

We provide the healthcare industry with our DLP solution, which strikes a balance between security and operation. Straightforward implementation and ease of use are critical for us. We understand security in healthcare is necessary, but not the primary business. So, our solution is aimed to empower smaller clinics, for example, with internal trust and confidence to deal with sensitive patients’ data without having large resources. We have it designed to fit into all types of environments and regulations, so, for example, we provide a managed cloud version for regular offices and clinics, but even a version for self-managed use in the cloud or on-premises for organizations with the highest demand for connectivity separated from the general web and with maximum control.

What are your main challenges regarding HIPAA?

While HIPAA is undeniably important for patient data protection, its nature poses challenges, especially for smaller entities. It’s written by lawyers for lawyers, and while larger institutions have dedicated teams to decipher and implement its guidelines, smaller clinics or practices might struggle with the complexity. They often lack the resources to hire specialists, leading them to rely on common sense, intuition, and, hopefully, some form of digital assistance. Staying updated with the ever-evolving regulations and ensuring that every staff member is trained and compliant adds another layer of complexity. Our aim with Safetica DLP is to bridge this gap, offering a tool that simplifies the compliance process for these smaller entities, making it more intuitive and less resource-intensive.

Do you have any predictions for the future of healthcare technology?

Maybe I will try to put my future glasses on. I don’t know what the exact future for regulations will be – but there is a certainty that there is going to be more of them. Even in healthcare, but definitely in personal data protection. The natural progression is for regulations and increasing demand for digital security to rise, as well as to be outsourced. As well as outsourcing IT administration, litigation and taxes, we are going to outsource even the regulation compliancy and digital security. Probably to SaaS (software/security as service) models or to managed providers (managed security as a service).
